Thursday, May 31, 2012

Breach of Customer Data Privacy Went Undetected for Three Years at Canadian Insurer

For 3 years a Canadian insurer failed to detect data privacy violations by one of their employees. The employee used his legitimate access to corporate applications to look at the private information of 12 customers without a "justifiable work purpose".

The insurer claims to have "internal processes that track access to [customer] records". So why did this employee's privacy violations go on for 3 years without being detected?

One clue is the company's announcement, which does not indicate HOW they caught the rogue employee, just that the "breach of privacy was brought to the attention of the Commission’s Chief Executive and Privacy Officer". Perhaps the passive voice is being used because their "internal processes" were not the source of the discovery.

"We have zero tolerance when it comes to unauthorized access to confidential client information." - Organization's Privacy Officer

If the insurer was depending on employees to discover and report data privacy violations, it is not surprising it took years. A good Identity and Access Intelligence service would have caught the rogue employee 3 years earlier and demonstrated "Zero Tolerance" for breaches of customer data privacy.

Learn how to detect privacy violations when they happen, not 3 years after the fact. Download a whitepaper on a service that proactively identifies unauthorized breaches of customer data privacy, even by employees - with no hardware and no on-site software.

(a) Workplace Health, Safety and Compensation Commission addressing privacy breach - Insurer's website, February 3, 2012
(b) Workplace safety commission reports privacy breach - The Telegram, February 3, 2012

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.